Analyst – TP Risk Management

Analyst, TP Risk Management Role Overview

The TP Risk Management - Analyst is responsible for performing comprehensive cybersecurity risk assessments of third-party vendors and partners. You will work closely with cybersecurity, risk management, and business stakeholders to evaluate vendor risks, develop remediation strategies, and drive consistency across assessments using Service Now GRC.

• Perform cybersecurity Third-Party Risk Assessments (TPRAs) within Service Now GRC, ensuring accuracy and completeness.
• Communicate assessment findings and recommendations to Information Security and Risk Management teams.
• Collaborate with stakeholders to design and implement remediation strategies for identified vendor risks.
• Provide consultative guidance to cybersecurity and business teams on third-party risk understanding and mitigation.
• Identify and implement process improvements to enhance efficiency and consistency in TPRA operations.
• Maintain detailed documentation of all assessments, decisions, and outcomes within Service Now.

• Conduct cybersecurity risk assessments in Service Now GRC for third-party vendors, focusing on their cybersecurity capabilities and data protection practices. Frequency:
  Weekly. Due Date: 12/31/2025. Acceptance Criteria:
  Each assessment meets the mutually agreed criteria defined during the Assessment Definition Phase.
• Identify and evaluate potential cyber risks associated with third-party vendors, assessing their impact on data security and confidentiality. Frequency:
  Weekly. Due Date: 12/31/2025.
• Maintain complete and accurate records of consultations, outcomes, and recommendations in Service Now. Frequency:
  Weekly. Due Date: 12/31/2025.
• Provide third-party cybersecurity consulting to business units, ensuring awareness of key risks and best practices. Frequency:
  Weekly. Due Date: 12/31/2025. Deliverables meet predefined quality standards; maintain consultation records and recommendations in Service Now.

• Bachelor's degree in Information Security, Risk Management, or a related field (or equivalent experience).
• 3+ years of experience conducting cybersecurity or third-party risk assessments.
• Hands-on experience with Service Now GRC or similar governance, risk, and compliance platforms.
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001, SOC 2, HIPAA).
• Excellent communication and collaboration skills with cross-functional teams.
• Analytical mindset with attention to detail and continuous improvement focus.

• Ability to synthesize complex vendor information into actionable insights.
• Demonstrated consistency in delivering high-quality, on-time assessments.
• Effective stakeholder engagement and clear communication of risk posture.
• Commitment to continuous improvement and process excellence.

Atlas is a global strategic consulting firm, focused on the Life Sciences industry. Our services include Management Consulting, Managed Services and Agile Services. Global pharmaceutical companies and emerging players in life sciences depend on Atlas consultants to ensure they have the capabilities that will give them the ability to succeed. We are seeking Atlas IMPACT Makers who are ready to lead and innovate in dynamic environments.

IMPACT Makers embody the principles of Atlas, driving transformative change and delivering outstanding results.

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, genetics, disability, age, or veteran status. We value diversity and inclusion in our workplace and are committed to creating an environment where everyone has an equal opportunity to succeed.

#LI-Hybrid #LI-LJ1